One Iranian APT tracked; another has its domains seized. Russian Venezuela detachment includes cyber unit. Plea in NSA leak case?
Symantec describes the activities of "Elfin," an Iranian group that's working against targets in Saudi Arabia and the US. Elfin's targets have been drawn largely from the "engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors." Symantec calls the group agile and active, and notes that it operates by scanning for vulnerable websites against which it deploys a range of commodity and custom-built tools. SecurityWeek notes that FireEye tracks the group as APT33. Neither Symantec nor FireEye thinks Elfin is the group responsible for the 2018 wave of Shamoon attacks, although Elfin and Shamoon's targets have shown some overlap.
Microsoft yesterday took down a different Iranian APT by seizing ninety-nine websites the group (which Microsoft calls "Phosphorus" and others call "Charming Kitten" or "APT35") used to stage attacks.
Newsweek and others report that a small contingent of Russian troops, two planeloads, arrived in Venezuela with the avowed purpose of helping the Chavista regime recover from what Caracas maintains is a wave of cyberattacks and sabotage that have crippled its electrical grid. The Russian troops are said to include both special operations forces and cyber operators. Few credit the Maduro regime's hacking allegations, but that's their story and they're sticking to it. As the Military Times observes, the US wants the Russians out, and the Russians say they're staying.
The Wall Street Journal, citing court records and defense counsel's statements, reports that former NSA contractor Hal Martin is today expected to plead guilty to charges involving theft of classified material.
Today's issue includes events affecting Australia, Belgium, China, Czech Republic, European Union, Iran, Israel, Jordan, Morocco, NATO/OTAN, Russia, Saudi Arabia, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States, and Venezuela.
In today's podcast, out later this afternoon, we speak with our partners from Lancaster University, as Daniel Prince discusses cyber risk management. Our guest, Satish Thiagarajan from Tata Consultancy Services, talks about customizing machine learning to combat cyber attacks.
And Hacking Humans is up. In this week's episode, "Pick a persona to match the goal," we follow up on remotely previewing websites. Joe has the story of a scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catch of the day is an offer of criminal partnering with the CIA. Our guest is Jeremy N. Smith, author of the book Breaking and Entering: the extraordinary story of a hacker called "Alien".